View GitHub Repository tt-rss

Schedule Inspection
Subscribe

Issues (1270)

include/sessions.php (1 issue)

← previous file next file →
Code
1 
<?php
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
require_once "config.php";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                
require_once "classes/db.php";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
require_once "autoload.php";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
require_once "errorhandler.php";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                
require_once "lib/gettext/gettext.inc";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
if (is_server_https()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
    ini_set("session.cookie_secure", true);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
ini_set("session.gc_probability", 75);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
ini_set("session.name", $session_name);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
ini_set("session.use_only_cookies", true);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
ini_set("session.gc_maxlifetime", $session_expire);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
function session_get_schema_version() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
    global $schema_version;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
    if (!$schema_version) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                
        $row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
        $version = $row["schema_version"];

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
        $schema_version = $version;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
        return $version;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
    return $schema_version;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
function validate_session() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
    if (SINGLE_USER_MODE) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
        return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    41
                

                                    
                                                    
                
                
                
    if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                
        $_SESSION["login_error_msg"] =

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    43
                

                                    
                                                    
                
                
                
            __("Session failed to validate (schema version changed)");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
        return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    46
                

                                    
                                                    
                
                
                
        $pdo = Db::pdo();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    48
                

                                    
                                                    
                
                
                
    if ($_SESSION["uid"]) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                
        if (!defined('_SESSION_SKIP_UA_CHECKS') && $_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    51
                

                                    
                                                    
                
                
                
            $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    52
                

                                    
                                                    
                
                
                
            return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    53
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    54
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    55
                

                                    
                                                    
                
                
                
        $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    56
                

                                    
                                                    
                
                
                
        $sth->execute([$_SESSION['uid']]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    57
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    58
                

                                    
                                                    
                
                
                
        // user not found

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    59
                

                                    
                                                    
                
                
                
        if ($row = $sth->fetch()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    60
                

                                    
                                                    
                
                
                
                    $pwd_hash = $row["pwd_hash"];

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    61
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    62
                

                                    
                                                    
                
                
                
                    if ($pwd_hash != $_SESSION["pwd_hash"]) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    63
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    64
                

                                    
                                                    
                
                
                
                        $_SESSION["login_error_msg"] =

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    65
                

                                    
                                                    
                
                
                
                            __("Session failed to validate (password changed)");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    66
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    67
                

                                    
                                                    
                
                
                
                        return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    68
                

                                    
                                                    
                
                
                
                    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    69
                

                                    
                                                    
                
                
                
        } else {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    70
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    71
                

                                    
                                                    
                
                
                
                    $_SESSION["login_error_msg"] =

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    72
                

                                    
                                                    
                
                
                
                        __("Session failed to validate (user not found)");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    73
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    74
                

                                    
                                                    
                
                
                
                    return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    75
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    76
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    77
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    78
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    79
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    80
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    81
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    82
                

                                    
                                                    
                
                
                
function ttrss_open() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    83
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    84
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    85
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    86
                

                                    
                                                    
                
                
                
function ttrss_read($id) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    87
                

                                    
                                                    
                
                
                
    global $session_expire;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    88
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    89
                

                                    
                                                    
                
                
                
    $sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    90
                

                                    
                                                    
                
                
                
    $sth->execute([$id]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    91
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    92
                

                                    
                                                    
                
                
                
    if ($row = $sth->fetch()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    93
                

                                    
                                                    
                
                
                
        return base64_decode($row["data"]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    94
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    95
                

                                    
                                                    
                
                
                
    } else {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    96
                

                                    
                                                    
                
                
                
        $expire = time() + $session_expire;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    97
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    98
                

                                    
                                                    
                
                
                
        $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, '', ?)");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    99
                

                                    
                                                    
                
                
                
        $sth->execute([$id, $expire]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    100
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    101
                

                                    
                                                    
                
                
                
        return "";

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    102
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    103
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    104
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    105
                

                                    
                                                    
                
                
                
function ttrss_write($id, $data) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    106
                

                                    
                                                    
                
                
                
    global $session_expire;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    107
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    108
                

                                    
                                                    
                
                
                
    $data = base64_encode($data);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    109
                

                                    
                                                    
                
                
                
    $expire = time() + $session_expire;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    110
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    111
                

                                    
                                                    
                
                
                
    $sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    112
                

                                    
                                                    
                
                
                
    $sth->execute([$id]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    113
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    114
                

                                    
                                                    
                
                
                
    if ($sth->fetch()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    115
                

                                    
                                                    
                
                
                
        $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    116
                

                                    
                                                    
                
                
                
        $sth->execute([$data, $expire, $id]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    117
                

                                    
                                                    
                
                
                
    } else {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    118
                

                                    
                                                    
                
                
                
        $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, ?, ?)");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    119
                

                                    
                                                    
                
                
                
        $sth->execute([$id, $data, $expire]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    120
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    121
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    122
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    123
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    124
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    125
                

                                    
                                                    
                
                
                
function ttrss_close() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    126
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    127
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    128
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    129
                

                                    
                                                    
                
                
                
function ttrss_destroy($id) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    130
                

                                    
                                                    
                
                
                
    $sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    131
                

                                    
                                                    
                
                
                
    $sth->execute([$id]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    132
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    133
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    134
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    135
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    136
                

                                    
                                                    
                
                
                
function ttrss_gc() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    137
                

                                    
                                                    
                
                
                
    Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < ".time());

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    138
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    139
                

                                    
                                                    
                
                
                
    return true;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    140
                

                                    
                                                    
                
                
                
}

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    141
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    142
                

                                    
                                                    
                
                
                
if (!SINGLE_USER_MODE) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    143
                

                                    
                                                    
                
                
                
    session_set_save_handler("ttrss_open",

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    144
                

                                    
                                                    
                
                
                
        "ttrss_close", "ttrss_read", "ttrss_write",

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    145
                

                                    
                                                    
                
                
                
        "ttrss_destroy", "ttrss_gc");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    146
                

                                    
                                                    
                
                
                
    register_shutdown_function('session_write_close');

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    147
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    148
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    149
                

                                    
                                                    
                
                
                
if (!defined('NO_SESSION_AUTOSTART')) {

            


            
                                                        
            
                                    
            
            

                
                    150
                

                                    
                                                    
                
                
                
    if (isset($_COOKIE[session_name()])) {

            


            
                                                        
            
                                    
            
            

                
                    151
                

                                    
                                                    
                
                
                
        @session_start();

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Security
            Best Practice
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                                
                            
                        

                                        
It seems like you do not handle an error condition for session_start(). This can introduce security issues, and is generally not recommended.
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-unhandled   annotation

                                    

                                        

                                            151
                                            
                                                
        /** @scrutinizer ignore-unhandled */ @session_start();

                                        

                                                                            

                                

                                                                        

                    
                                            

                            

                            

                                
                                    
                                
                            


                            
If you suppress an error, we recommend checking for the error condition explicitly:


// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}





                        

                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                        
            
                                    
            
            

                
                    152
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    153
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    154