From f4f981d8f98e4f74a8d69d05a31ab63e188ea808 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sun, 15 Nov 2015 08:00:17 -0500
Subject: [PATCH] Added missing delimiter settings in reseller form file.

---
 interface/lib/classes/session.inc.php |  123 +++++++++++++++++++++-------------------
 1 files changed, 65 insertions(+), 58 deletions(-)

diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index dc12800..bef2a10 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -29,101 +29,108 @@
 */
 
 class session {
-	
+
 	private $session_array = array();
 	private $db;
-	
-	function __construct() {
+	private $timeout = 0;
+	private $permanent = false;
+
+	function __construct($session_timeout = 0) {
 		$this->db = new db;
+		$this->timeout = $session_timeout;
 	}
 	
+	function set_timeout($session_timeout = 0) {
+		$old_timeout = $this->timeout;
+		$this->timeout = $session_timeout;
+		return $old_timeout;
+	}
+	
+	function set_permanent($value = false) {
+		$this->permanent = $value;
+	}
+
 	function open ($save_path, $session_name) {
 		return true;
 	}
-	
+
 	function close () {
 
 		if (!empty($this->session_array)) {
-            $result = $this->gc(ini_get('session.gc_maxlifetime'));
-            return $result;
-        }
-        return false;
-    }
-	
+			$result = $this->gc(ini_get('session.gc_maxlifetime'));
+			return $result;
+		}
+		return false;
+	}
+
 	function read ($session_id) {
 		
-		$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+		if($this->timeout > 0) {
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
+		} else {
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
+		}
 
-        if (is_array($rec)) {
+		if (is_array($rec)) {
 			$this->session_array = $rec;
 			return $this->session_array['session_data'];
 		} else {
 			return '';
 		}
 	}
-	
+
 	function write ($session_id, $session_data) {
-		
+
 		if (!empty($this->session_array) && $this->session_array['session_id'] != $session_id) {
-            $this->session_array = array();
-        }
-		
+			$this->session_array = array();
+		}
+
 		// Dont write session_data to DB if session data has not been changed after reading it.
 		if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
-			$session_id   = $this->db->quote($session_id);
-			$last_updated = date('Y-m-d H:i:s');
-            $this->db->query("UPDATE sys_session SET last_updated = '$last_updated' WHERE session_id = '$session_id'");
+			$this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
 			return true;
 		}
-		
 
-        if (@$this->session_array['session_id'] == '') {
-			$session_id   = $this->db->quote($session_id);
-            $date_created = date('Y-m-d H:i:s');
-            $last_updated = date('Y-m-d H:i:s');
-            $session_data = $this->db->quote($session_data);
-			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data) VALUES ('$session_id','$date_created','$last_updated','$session_data')";
-			$this->db->query($sql);
 
-        } else {
-            $session_id   = $this->db->quote($session_id);
-			$last_updated = date('Y-m-d H:i:s');
-            $session_data = $this->db->quote($session_data);
-            $sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data' WHERE session_id = '$session_id'";
-			$this->db->query($sql);
+		if (@$this->session_array['session_id'] == '') {
+			$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)";
+			$this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n'));
 
-        }
-		
-        return true;
-    }
-	
+		} else {
+			$sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
+			$this->db->query($sql, $session_data, $session_id);
+
+		}
+
+		return true;
+	}
+
 	function destroy ($session_id) {
 
-		$session_id   = $this->db->quote($session_id);
-		$sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
-		$this->db->query($sql);
-        
-        return true;
-    }
-	
+		$sql = "DELETE FROM sys_session WHERE session_id = ?";
+		$this->db->query($sql, $session_id);
+
+		return true;
+	}
+
 	function gc ($max_lifetime) {
 
-		$real_now = date('Y-m-d H:i:s');
-        $dt1 = strtotime("$real_now -$max_lifetime seconds");
-        $dt2 = date('Y-m-d H:i:s', $dt1);
-		
-		$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
+		$this->db->query($sql, intval($max_lifetime));
+			
+		/* delete very old even if they are permanent */
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
 		$this->db->query($sql);
-        
-        return true;
-        
-    }
+
+		return true;
+
+	}
 
 	function __destruct () {
-        @session_write_close();
+		@session_write_close();
 
-    }
+	}
 
 }
 
-?>
\ No newline at end of file
+?>
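Review bot: In write(), the REPLACE INTO statement still interpolates `$session_data` directly into the SQL string (`'$session_data'`) while session_id and permanent are bound with `?`, and the old `$this->db->quote()` call that used to escape it has been removed in this same commit, so the insert path now has no escaping at all for that value. Session data is serialized server-side, but it carries values that originate from requests (login names, form state), so this should be bound like every other value in the hunk, matching the UPDATE branch a few lines below: `$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),?,?)";` and `$this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));`. Separately, switching INSERT to REPLACE means an existing row with that session_id is deleted and re-created, which presumably resets date_created; if that is not intended, a comment stating why REPLACE was chosen would help the next reader. The commit subject ("delimiter settings in reseller form file") does not describe this change to session.inc.php, which makes the history harder to search.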

--
Gitblit v1.9.1