From 71c74b1b572f3bdf00ba99009cc23f8f48072a1c Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sat, 08 Mar 2014 11:58:49 -0500
Subject: [PATCH] Fixed: FS#3372 - Web browser password autofill function overwrites settings

---
 interface/lib/classes/session.inc.php |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index 03fad95..dcb187b 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -33,6 +33,7 @@
 	private $session_array = array();
 	private $db;
 	private $timeout = 0;
+	private $permanent = false;
 
 	function __construct($session_timeout = 0) {
 		$this->db = new db;
@@ -43,6 +44,10 @@
 		$old_timeout = $this->timeout;
 		$this->timeout = $session_timeout;
 		return $old_timeout;
+	}
+	
+	function set_permanent($value = false) {
+		$this->permanent = $value;
 	}
 
 	function open ($save_path, $session_name) {
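Review bot: `set_permanent()` stores whatever it is given, and `write()` later tests it only for truthiness, so a caller that passes the column's own `'n'` value (a non-empty string, hence truthy in PHP) would mark the session permanent. If all callers are meant to pass a real boolean, I would make that explicit with `$this->permanent = ($value === true);`. The method also deserves a docblock, since it is security-relevant: a permanent session skips the idle-timeout check in `read()` and is only purged by `gc()` after 365 days without an update.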
@@ -61,7 +66,7 @@
 	function read ($session_id) {
 		
 		if($this->timeout > 0) {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
 		} else {
 			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
 		}
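Review bot: The new `permanent = 'y'` branch in `read()` accepts a permanent session of any age, so the 365-day limit this patch adds in `gc()` is enforced only when garbage collection happens to run, not at lookup time. A session id that leaks therefore stays usable until the row is physically deleted. I would bound the branch in the query itself, for example `(permanent = 'y' AND last_updated >= DATE_SUB(NOW(), INTERVAL 365 DAY)) OR last_updated >= DATE_SUB(NOW(), INTERVAL n MINUTE)`. The unchanged `else` branch (timeout of 0) still applies no age check at all, and the body of `read()` continues outside the hunk.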
@@ -94,14 +99,14 @@
 			$date_created = date('Y-m-d H:i:s');
 			$last_updated = date('Y-m-d H:i:s');
 			$session_data = $this->db->quote($session_data);
-			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
+			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
 			$this->db->query($sql);
 
 		} else {
 			$session_id   = $this->db->quote($session_id);
 			$last_updated = date('Y-m-d H:i:s');
 			$session_data = $this->db->quote($session_data);
-			$sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
+			$sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
 			$this->db->query($sql);
 
 		}
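Review bot: The UPDATE branch can set `permanent` to 'y' but never back to 'n', so once a row is marked it stays exempt from the idle timeout for every later request on that session id. That looks intentional (presumably only the login request calls `set_permanent()`), but it means logout and any change of user must delete the row or issue a new session id, and neither is visible in this hunk. I would say so above the UPDATE, e.g. `// permanent is one-way: it is cleared only by deleting the row`. The INSERT also depends on the new `permanent` column while the diffstat lists only session.inc.php, so the schema change has to ship alongside or the INSERT fails on existing installs. `write()` starts and ends outside the hunk.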
@@ -127,6 +132,13 @@
 			$dt1 = strtotime("$real_now -$max_lifetime seconds");
 			$dt2 = date('Y-m-d H:i:s', $dt1);
 
+			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
+			$this->db->query($sql);
+			
+			/* delete very old even if they are permanent */
+			$dt1 = strtotime("$real_now -365 days");
+			$dt2 = date('Y-m-d H:i:s', $dt1);
+
 			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
 			$this->db->query($sql);
 		//}
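Review bot: The 365-day cap in `gc()` is measured on `last_updated`, which `write()` refreshes on every request, so a permanent session that keeps being used (or replayed) is never purged and has no absolute lifetime. If a hard upper bound is the intent of the "delete very old" step, compare the creation time instead: `$sql = "DELETE FROM sys_session WHERE date_created < '$dt2'";`. Separately, the first DELETE uses `permanent != 'y'`, which does not match rows where the column is NULL; if the column is added without `NOT NULL DEFAULT 'n'` (its definition is not in this patch), pre-existing sessions would survive until the 365-day purge. The 365 is also a magic number that would read better as a named property next to `$timeout`. The surrounding `gc()` body lies outside the hunk.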

--
Gitblit v1.9.1