From 71c74b1b572f3bdf00ba99009cc23f8f48072a1c Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sat, 08 Mar 2014 11:58:49 -0500
Subject: [PATCH] Fixed: FS#3372 - Web browser password autofill function overwrites settings
---
interface/lib/classes/session.inc.php | 132 ++++++++++++++++++++++++++-----------------
1 files changed, 80 insertions(+), 52 deletions(-)
diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index dc12800..dcb187b 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -29,101 +29,129 @@
*/
class session {
-
+
private $session_array = array();
private $db;
-
- function __construct() {
+ private $timeout = 0;
+ private $permanent = false;
+
+ function __construct($session_timeout = 0) {
$this->db = new db;
+ $this->timeout = $session_timeout;
}
+ function set_timeout($session_timeout = 0) {
+ $old_timeout = $this->timeout;
+ $this->timeout = $session_timeout;
+ return $old_timeout;
+ }
+
+ function set_permanent($value = false) {
+ $this->permanent = $value;
+ }
+
function open ($save_path, $session_name) {
return true;
}
-
+
function close () {
if (!empty($this->session_array)) {
- $result = $this->gc(ini_get('session.gc_maxlifetime'));
- return $result;
- }
- return false;
- }
-
+ $result = $this->gc(ini_get('session.gc_maxlifetime'));
+ return $result;
+ }
+ return false;
+ }
+
function read ($session_id) {
- $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+ if($this->timeout > 0) {
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
+ } else {
+ $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+ }
- if (is_array($rec)) {
+ if (is_array($rec)) {
$this->session_array = $rec;
return $this->session_array['session_data'];
} else {
return '';
}
}
-
+
function write ($session_id, $session_data) {
-
+
if (!empty($this->session_array) && $this->session_array['session_id'] != $session_id) {
- $this->session_array = array();
- }
-
+ $this->session_array = array();
+ }
+
// Dont write session_data to DB if session data has not been changed after reading it.
if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
$session_id = $this->db->quote($session_id);
$last_updated = date('Y-m-d H:i:s');
- $this->db->query("UPDATE sys_session SET last_updated = '$last_updated' WHERE session_id = '$session_id'");
+ $this->db->query("UPDATE sys_session SET last_updated = '$last_updated' WHERE session_id = '$session_id'");
return true;
}
-
- if (@$this->session_array['session_id'] == '') {
+
+ if (@$this->session_array['session_id'] == '') {
$session_id = $this->db->quote($session_id);
- $date_created = date('Y-m-d H:i:s');
- $last_updated = date('Y-m-d H:i:s');
- $session_data = $this->db->quote($session_data);
- $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
- $this->db->query($sql);
-
- } else {
- $session_id = $this->db->quote($session_id);
+ $date_created = date('Y-m-d H:i:s');
$last_updated = date('Y-m-d H:i:s');
- $session_data = $this->db->quote($session_data);
- $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
+ $session_data = $this->db->quote($session_data);
+ $sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
$this->db->query($sql);
- }
-
- return true;
- }
-
+ } else {
+ $session_id = $this->db->quote($session_id);
+ $last_updated = date('Y-m-d H:i:s');
+ $session_data = $this->db->quote($session_data);
+ $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
+ $this->db->query($sql);
+
+ }
+
+ return true;
+ }
+
function destroy ($session_id) {
$session_id = $this->db->quote($session_id);
$sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
$this->db->query($sql);
-
- return true;
- }
-
+
+ return true;
+ }
+
function gc ($max_lifetime) {
- $real_now = date('Y-m-d H:i:s');
- $dt1 = strtotime("$real_now -$max_lifetime seconds");
- $dt2 = date('Y-m-d H:i:s', $dt1);
-
- $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
- $this->db->query($sql);
-
- return true;
-
- }
+ /*if($this->timeout > 0) {
+ $this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
+ } else {*/
+ $real_now = date('Y-m-d H:i:s');
+ $dt1 = strtotime("$real_now -$max_lifetime seconds");
+ $dt2 = date('Y-m-d H:i:s', $dt1);
+
+ $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
+ $this->db->query($sql);
+
+ /* delete very old even if they are permanent */
+ $dt1 = strtotime("$real_now -365 days");
+ $dt2 = date('Y-m-d H:i:s', $dt1);
+
+ $sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
+ $this->db->query($sql);
+ //}
+
+ return true;
+
+ }
function __destruct () {
- @session_write_close();
+ @session_write_close();
- }
+ }
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1