Issues in sessions.php (master) - Issues in master - codysnider/tt-rss - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1270)

include/sessions.php (1 issue)

Labels

Bug 1

Severity

Major 1

Cody Snider 1

<?php

require_once "config.php";
require_once "classes/db.php";
require_once "autoload.php";
require_once "errorhandler.php";
require_once "lib/gettext/gettext.inc";

$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;

if (is_server_https()) {
    ini_set("session.cookie_secure", true);
}

ini_set("session.gc_probability", 75);
ini_set("session.name", $session_name);
ini_set("session.use_only_cookies", true);
ini_set("session.gc_maxlifetime", $session_expire);
ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));

function session_get_schema_version() {
    global $schema_version;

    if (!$schema_version) {
        $row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();

        $version = $row["schema_version"];
        $schema_version = $version;
        return $version;
    }

    return $schema_version;
}

function validate_session() {
    if (SINGLE_USER_MODE) {
        return true;
    }

    if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
        $_SESSION["login_error_msg"] =
            __("Session failed to validate (schema version changed)");
        return false;
    }
        $pdo = Db::pdo();

    if ($_SESSION["uid"]) {

        if (!defined('_SESSION_SKIP_UA_CHECKS') && $_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
            $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
            return false;
        }

        $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
        $sth->execute([$_SESSION['uid']]);

        // user not found
        if ($row = $sth->fetch()) {
                    $pwd_hash = $row["pwd_hash"];

                    if ($pwd_hash != $_SESSION["pwd_hash"]) {

                        $_SESSION["login_error_msg"] =
                            __("Session failed to validate (password changed)");

                        return false;
                    }
        } else {

                    $_SESSION["login_error_msg"] =
                        __("Session failed to validate (user not found)");

                    return false;

        }
    }

    return true;
}

function ttrss_open() {
    return true;
}

function ttrss_read($id) {
    global $session_expire;

    $sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
    $sth->execute([$id]);

    if ($row = $sth->fetch()) {
        return base64_decode($row["data"]);

    } else {
        $expire = time() + $session_expire;

        $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, '', ?)");
        $sth->execute([$id, $expire]);

        return "";
    }
}

function ttrss_write($id, $data) {
    global $session_expire;

    $data = base64_encode($data);
    $expire = time() + $session_expire;

    $sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
    $sth->execute([$id]);

    if ($sth->fetch()) {
        $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
        $sth->execute([$data, $expire, $id]);
    } else {
        $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, ?, ?)");
        $sth->execute([$id, $data, $expire]);
    }

    return true;
}

function ttrss_close() {
    return true;
}

function ttrss_destroy($id) {
    $sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
    $sth->execute([$id]);

    return true;
}

function ttrss_gc() {
    Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < ".time());

    return true;
}

if (!SINGLE_USER_MODE) {

    session_set_save_handler("ttrss_open",
        "ttrss_close", "ttrss_read", "ttrss_write",
        "ttrss_destroy", "ttrss_gc");
    register_shutdown_function('session_write_close');
}

if (!defined('NO_SESSION_AUTOSTART')) {
    if (isset($_COOKIE[session_name()])) {
        @session_start();
    }
}


1			<?php
2
3			require_once "config.php";
4			require_once "classes/db.php";
5			require_once "autoload.php";
6			require_once "errorhandler.php";
7			require_once "lib/gettext/gettext.inc";
8
9			$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
10			$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
11
12			if (is_server_https()) {
13			ini_set("session.cookie_secure", true);
14			}
15
16			ini_set("session.gc_probability", 75);
17			ini_set("session.name", $session_name);
18			ini_set("session.use_only_cookies", true);
19			ini_set("session.gc_maxlifetime", $session_expire);
20			ini_set("session.cookie_lifetime", min(0, SESSION_COOKIE_LIFETIME));
21
22			function session_get_schema_version() {
23			global $schema_version;
24
25			if (!$schema_version) {
26			$row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
27
28			$version = $row["schema_version"];
29			$schema_version = $version;
30			return $version;
31			}
32
33			return $schema_version;
34			}
35
36			function validate_session() {
37			if (SINGLE_USER_MODE) {
38			return true;
39			}
40
41			if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version()) {
42			$_SESSION["login_error_msg"] =
43			__("Session failed to validate (schema version changed)");
44			return false;
45			}
46			$pdo = Db::pdo();
47
48			if ($_SESSION["uid"]) {
49
50			if (!defined('_SESSION_SKIP_UA_CHECKS') && $_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
51			$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
52			return false;
53			}
54
55			$sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
56			$sth->execute([$_SESSION['uid']]);
57
58			// user not found
59			if ($row = $sth->fetch()) {
60			$pwd_hash = $row["pwd_hash"];
61
62			if ($pwd_hash != $_SESSION["pwd_hash"]) {
63
64			$_SESSION["login_error_msg"] =
65			__("Session failed to validate (password changed)");
66
67			return false;
68			}
69			} else {
70
71			$_SESSION["login_error_msg"] =
72			__("Session failed to validate (user not found)");
73
74			return false;
75
76			}
77			}
78
79			return true;
80			}
81
82			function ttrss_open() {
83			return true;
84			}
85
86			function ttrss_read($id) {
87			global $session_expire;
88
89			$sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
90			$sth->execute([$id]);
91
92			if ($row = $sth->fetch()) {
93			return base64_decode($row["data"]);
94
95			} else {
96			$expire = time() + $session_expire;
97
98			$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, '', ?)");
99			$sth->execute([$id, $expire]);
100
101			return "";
102			}
103			}
104
105			function ttrss_write($id, $data) {
106			global $session_expire;
107
108			$data = base64_encode($data);
109			$expire = time() + $session_expire;
110
111			$sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
112			$sth->execute([$id]);
113
114			if ($sth->fetch()) {
115			$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
116			$sth->execute([$data, $expire, $id]);
117			} else {
118			$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire) VALUES (?, ?, ?)");
119			$sth->execute([$id, $data, $expire]);
120			}
121
122			return true;
123			}
124
125			function ttrss_close() {
126			return true;
127			}
128
129			function ttrss_destroy($id) {
130			$sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
131			$sth->execute([$id]);
132
133			return true;
134			}
135
136			function ttrss_gc() {
137			Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < ".time());
138
139			return true;
140			}
141
142			if (!SINGLE_USER_MODE) {
			0 ignored issues – show Bug introduced 2019-12-20 19:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `SINGLE_USER_MODE` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
143			session_set_save_handler("ttrss_open",
144			"ttrss_close", "ttrss_read", "ttrss_write",
145			"ttrss_destroy", "ttrss_gc");
146			register_shutdown_function('session_write_close');
147			}
148
149			if (!defined('NO_SESSION_AUTOSTART')) {
150			if (isset($_COOKIE[session_name()])) {
151			@session_start();
152			}
153			}
154

codysnider / tt-rss

Issues (1270)

include/sessions.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like